
Grafana Labs Breach Confined to GitHub After TanStack Supply‑Chain Attack

Grafana Labs confirmed its May 2026 breach was limited to GitHub repositories after a missed workflow token from the TanStack npm supply‑chain attack; no customer data was compromised.

By Peter Olaleru, Cybersecurity Editor

Source: The Hacker News

Grafana Labs said its May 2026 breach was confined to its GitHub environment after a missed workflow token let attackers in via the TanStack npm supply‑chain attack; no customer production systems or data were exposed.

On May 11, 2026, Grafana’s security team detected unusual activity linked to the TanStack npm package compromise carried out by the threat actor TeamPCP, which also targeted OpenAI and Mistral AI. The intrusion allowed the actors to harvest a GitHub workflow token that, due to an oversight, remained active and granted access to both public and private repositories. Grafana confirmed the breach on May 19, stating the scope included source code, internal collaboration repos, and business contact details such as names and email addresses, but emphasized that no data from its Grafana Cloud platform or customer workloads was touched.

The attackers issued an extortion demand on May 16, which Grafana declined to pay, citing uncertainty over data deletion and the risk of encouraging further campaigns. Prior to the demand, a dark-web listing by the extortion group CoinbaseCartel appeared on May 15, and GitHub later reported investigating unauthorized access to its own internal repositories after TeamPCP offered the platform’s source code for sale on a cybercrime forum.

What It Means

The incident illustrates how a single overlooked credential can expand a supply‑chain breach into source‑code theft. Defenders should rotate all GitHub workflow tokens immediately after any suspected npm compromise, enforce token expiration policies, and enable GitHub’s secret scanning to detect exposed credentials in repositories. Monitoring for anomalous API calls (MITRE ATT&CK T1078 – Valid Accounts) and reviewing commit signatures for malicious changes (T1195 – Supply Chain Compromise) can catch similar abuse early. Organizations should also audit third‑party dependencies for known vulnerable versions and apply patches from the TanStack security advisory (GHSA‑xxxx‑xxxx‑xxxx) as soon as they are released.

Watch for follow‑up extortion attempts and any appearance of the stolen repositories on illicit markets; GitHub’s ongoing investigation into TeamPCP’s activity may yield further indicators of compromise.
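As an added illustration of the monitoring advice above (example code written for this page, not code from Grafana Labs or from the original report), the following Python flags a credential that suddenly clones many distinct repositories within a short window, and any private-repository access from outside the expected CI egress addresses. The audit-event field names, the sample events and the egress allow-list are all constructed assumptions, loosely modelled on GitHub audit-log JSON rather than its exact schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Field names loosely mirror GitHub audit-log JSON
# but are assumptions for this example, not a guaranteed schema.
SAMPLE_EVENTS = [
    {"ts": "2026-05-11T02:00:05Z", "action": "git.clone", "token_id": "tok_ci", "repo": "org/app", "visibility": "public", "ip": "198.51.100.10"},
    {"ts": "2026-05-11T02:00:09Z", "action": "git.clone", "token_id": "tok_ci", "repo": "org/app", "visibility": "public", "ip": "198.51.100.10"},
    {"ts": "2026-05-11T03:10:00Z", "action": "git.clone", "token_id": "tok_leaked", "repo": "org/app", "visibility": "public", "ip": "203.0.113.7"},
    {"ts": "2026-05-11T03:10:04Z", "action": "git.clone", "token_id": "tok_leaked", "repo": "org/internal-docs", "visibility": "private", "ip": "203.0.113.7"},
    {"ts": "2026-05-11T03:10:08Z", "action": "git.clone", "token_id": "tok_leaked", "repo": "org/billing", "visibility": "private", "ip": "203.0.113.7"},
    {"ts": "2026-05-11T03:10:12Z", "action": "git.clone", "token_id": "tok_leaked", "repo": "org/infra", "visibility": "private", "ip": "203.0.113.7"},
    {"ts": "2026-05-11T03:10:15Z", "action": "git.clone", "token_id": "tok_leaked", "repo": "org/secrets-ops", "visibility": "private", "ip": "203.0.113.7"},
    {"ts": "2026-05-11T09:00:00Z", "action": "git.clone", "token_id": "tok_ci", "repo": "org/app", "visibility": "public", "ip": "198.51.100.10"},
]

# Egress addresses the CI runners are expected to use (assumed for the example).
KNOWN_CI_EGRESS = {"198.51.100.10"}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def find_burst_tokens(events, window=timedelta(minutes=10), max_repos=3):
    """Return {token_id: sorted repos} for tokens that clone more than
    `max_repos` distinct repositories inside any `window`-long span."""
    clones = defaultdict(list)
    for e in events:
        if e["action"] == "git.clone":
            clones[e["token_id"]].append((_ts(e["ts"]), e["repo"]))
    flagged = {}
    for tok, items in clones.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            repos = {r for _, r in items[start:end + 1]}
            if len(repos) > max_repos:
                flagged[tok] = sorted(repos)
    return flagged

def find_unexpected_sources(events, known_ips=KNOWN_CI_EGRESS):
    """Return {token_id: {ip, ...}} for private-repo access from addresses
    outside the expected CI egress set."""
    out = defaultdict(set)
    for e in events:
        if e["visibility"] == "private" and e["ip"] not in known_ips:
            out[e["token_id"]].add(e["ip"])
    return dict(out)
```

Both checks are cheap enough to run over an exported audit log on a schedule; a hit on either is a cue to revoke the token and review what it touched.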
